IE 10 Supporting Multiple Certificate Paths

This section provides a tutorial example showing IE 10 supports multiple certificate paths for 'login.yahoo.com'.

After deleted the root certificate "VeriSign Class 3 Public Primary Certification Authority - G5", which issued "VeriSign Class 3 Secure Server CA - G3", which issued "*.login.yahoo.com", I want to visit https://login.yahoo.com again with IE 10 to see what will happen.

1. Run IE 10 and go to https://login.yahoo.com and wait for the log in page to be displayed.

2. Click the lock icon at the end of the Web address field. A small pop up windows shows up.

3. Click the "View certificates" link on the pop up window. The Certificate dialog box shows up.

4. Click the "Certificate Path" tab. I am surprised to see that IE 10 validated "login.yahoo.com" certificate with a new certificate path:

VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
                                      - The root CA certificate
|- VeriSign Class 3 Public Primary Certification Authority - G5
                                      - An intermediate CA certificate
   |- VeriSign Class 3 Secure Server CA - G3
                                      - An intermediate CA certificate
      |- *.login.yahoo.com            - The Web server certificate

5. Remember the certificate path used by IE 10 before I deleted "VeriSign Class 3 Public Primary Certification Authority - G5" certificate with a display of "VeriSign" from the trust root CA certificate tab. It looked like this:

VeriSign                         - The root CA certificate
|- VeriSign Class 3 Secure Server CA - G3
                                 - The intermediate CA certificate
   |- *.login.yahoo.com          - The Web server certificate

The explanation is that there are two certificates with the same identity name "VeriSign Class 3 Secure Server CA - G3":

IE 10 is smart enough to use a different certificate path to validate "login.yahoo.com" based on which root CA certificate is available.

Last update: 2015.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

Using HTTPS with IE (Internet Explorer) 10

 Visiting "https" Web Site with IE 10

 Viewing Server Certificate Details in IE 10

 Viewing Server Certificate Path in IE 10

 Installing Server Certificate Permanently in IE 10

 Viewing Certificates in Certificate Stores in IE 10

 Listing of Trusted Root CA in IE 10

 Exporting Certificate to File from IE 10

 Saving Server Certificate to File with IE 10

 Deleting Certificates from IE 10

IE 10 Supporting Multiple Certificate Paths

 IE 10 Reinstalling Root Certificates Automatically

 Windows Automatic Root Update Mechanism

 Using HTTPS with Chrome 40

 Using HTTPS with Firefox 35

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 Certificate Stores and Certificate Console

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Digital Signature - Microsoft Word 2007

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 PDF Printing Version